Security Awareness

Buying a certificate to allow for transport security is a good idea if you’re worried about man-in-the-middle attacks. But when you’re in another country where the cost of running your website is a significant investment compared to the United States, suddenly the fees associated with the risks are totally lopsided...

It’s not every day I come across real wisdom in research, but I saw a link yesterday to “So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users”, which is a research paper written by one of the guys at Microsoft. There are some amazingly choice quotes in there, like

As business leaders continue to reach out and embrace global opportunities, the ability to recognize and mitigate operational threats is paramount....a recent memorandum discusses 28 countries having serious deficiencies in their strategies for countering money laundering and financial terrorist activities

...the results from the annual "Human Factor in Laptop Encryption" study performed by Absolute Software and the Ponemon Institute reveal some very interesting metrics about the use/adoption of encryption software and the risk posed to businesses from the loss of unencrypted media.

News surrounding the attacks at Google and other companies is a dime a dozen and, while we have not seen any evidence publicly disclosed, we too can speculate along with everyone else. My first thoughts surrounding the news of the attack led me to believe that the compromise may have been an inside job.

According to Symantec's 2010 State of Enterprise Security study, 75 per cent of enterprises experienced cyber attacks in the last 12 months and 36 per cent rated the attacks somewhat/highly effective. Also, there was a 29 per cent rise in reported attacks in the last 12 months.

Imagine that a widely downloaded, malicious smart phone application has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill. This scenario was only make-believe: the East Coast still has power and Midwestern factories are functioning. But the threats from cyber exploits against the national and economic security of t...

People from all walks of life including influential decision makers are quickly firing off ye ole “Blame Microsoft” rants this week after another debacle involving Google and China. The debacle involved so-called State Sponsored (from China) “hacktivities” to compromise Gmail accounts. The attacks were – as we’re told – targeted towards Internet Explorer v...

Earlier this month, CSO reported on a worldwide recall on several hardware-encrypted USB sticks from multiple vendors because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device. With the quality of security questionable in many USB drives, it would stand to reason that losing any stick carrying sensitive information now carries ...

A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.

The 2009 CSI Computer Crime and Security survey identified a number of shifts in significant cybersecurity threats this year. Malware infections jumped to 64% from 50%, reversing a dip in the number of companies experiencing malware infections that started in 2005. That year, the figure was 74%.

Stealing employer data has become endemic in our culture. According to a survey conducted with 300 office workers in New York City examining the impact of the recession on ethics and security, 85 percent of the respondents admitted to knowing that downloading corporate information from their employer was illegal, yet a quarter of those surveyed would take the data regardless of the penalties.

The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.

Williams College in Williamstown reports a recent laptop theft. The laptop, which was stolen when an employee left it in a parked car in Boston on October 3, contained the names and Social Security numbers of 750 individuals from 39 states and several foreign countries.

Because data breaches have become such commonplace incidents, there is concern that people have become desensitized to the potential harm they face upon receiving a notification letter from an organization informing them that sensitive information has been lost or misappropriated.